feat(gator-permissions): add Gator Permissions deep link

[mj-kiwi]

Description

This PR adds support for the Gator Permissions deep link route, allowing users to navigate directly to the Gator Permissions page with specified parameters. The implementation includes a new route handler that validates and processes type and site query parameters, with comprehensive validation to ensure only valid URLs are passed through.

Key features:

• New /gator-permissions route with query parameter validation
• Support for token-transfer type parameter
• Origin validation using the URL standard API (validates protocol and origin format)
• Proper error handling for missing or invalid parameters
• Extensive test coverage for all validation scenarios

Changelog

CHANGELOG entry: Added Gator Permissions deep link support for token transfer operations

Related issues

Fixes:

Manual testing steps

1. Build the extension with yarn start:flask or appropriate build command
2. Navigate to the Gator Permissions page using the deep link: https://link.metamask.io/gator-permissions?type=token-transfer&site=http://localhost:8000
3. Verify that the page loads correctly with the provided parameters
4. Test with invalid parameters to ensure proper error handling and fallback behavior

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Extension Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk: adds a new deep-link route with strict parameter validation and test coverage, with no changes to existing routing behavior beyond registering the new path.

Overview
Adds a new deep link route '/gator-permissions' that resolves to /gator-permissions/:type/:site, validating required type (currently only token-transfer) and site (must be an http/https origin) before constructing the destination path.

Updates i18n strings for the new page title key and registers the route in the deep-link routes index, with comprehensive unit tests covering valid, missing, and invalid query parameter cases.

Extends .github/CODEOWNERS to assign the Delegation team ownership for the new gator-permissions areas.

^{Written by Cursor Bugbot for commit 3bea1d7. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[metamaskbotv2]

Builds ready [bdbfb72]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	348	272	519	95	382	519
	total	348	272	519	95	382	519
Confirm Tx	confirm_tx	6033	6022	6049	11	6035	6049
	total	6033	6022	6049	11	6035	6049
Bridge User Actions	bridge_load_page	248	194	328	49	270	328
	bridge_load_asset_picker	221	189	255	27	248	255
	bridge_search_token	742	703	765	24	758	765
	total	1236	1209	1257	20	1257	1257

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Standard Home	uiStartup	1612	1335	2011	122	1687	1810
	load	1338	1105	1633	109	1414	1521
	domContentLoaded	1329	1100	1626	109	1404	1512
	domInteractive	34	19	131	23	29	96
	firstPaint	191	77	1634	194	235	293
	backgroundConnect	237	210	319	16	243	269
	firstReactRender	22	13	54	7	22	37
	initialActions	1	0	8	1	1	4
	loadScripts	1111	875	1398	107	1187	1278
	setupStore	15	8	62	8	17	29
	numNetworkReqs	39	31	85	15	40	76
Power User Home	uiStartup	5078	1987	13935	2074	6311	8346
	load	1344	1130	1992	144	1396	1628
	domContentLoaded	1321	1124	1917	137	1361	1583
	domInteractive	45	20	298	49	35	152
	firstPaint	223	93	463	96	291	384
	backgroundConnect	1666	328	7483	1597	2529	4629
	firstReactRender	25	16	50	6	28	37
	initialActions	1	0	5	1	1	3
	loadScripts	1091	922	1646	127	1132	1334
	setupStore	18	7	62	10	21	31
	numNetworkReqs	169	83	292	44	190	256

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	221	219	223	2	221	223
	srpButtonToSrpForm	98	96	100	2	99	100
	confirmSrpToPwForm	23	23	24	0	23	24
	pwFormToMetricsScreen	16	16	16	0	16	16
	metricsToWalletReadyScreen	17	17	17	0	17	17
	doneButtonToHomeScreen	619	597	668	27	628	668
	openAccountMenuToAccountListLoaded	2917	2901	2944	16	2916	2944
	total	3899	3880	3944	26	3893	3944
Onboarding New Wallet	createWalletToSocialScreen	220	219	220	1	220	220
	srpButtonToPwForm	109	108	110	1	109	110
	createPwToRecoveryScreen	8	8	9	0	8	9
	skipBackupToMetricsScreen	39	37	40	1	40	40
	agreeButtonToOnboardingSuccess	17	16	17	0	17	17
	doneButtonToAssetList	497	484	522	14	503	522
	total	892	872	918	16	896	918
Asset Details	assetClickToPriceChart	79	75	83	3	81	83
	total	79	75	83	3	81	83
Solana Asset Details	assetClickToPriceChart	111	79	184	40	124	184
	total	111	79	184	40	124	184
Import Srp Home	loginToHomeScreen	2281	2240	2354	43	2273	2354
	openAccountMenuAfterLogin	56	40	68	11	63	68
	homeAfterImportWithNewWallet	2326	2277	2375	38	2350	2375
	total	4663	4616	4711	39	4711	4711
Send Transactions	openSendPageFromHome	49	23	70	17	58	70
	selectTokenToSendFormLoaded	35	24	44	8	39	44
	reviewTransactionToConfirmationPage	1163	1096	1205	48	1205	1205
	total	1245	1143	1300	72	1300	1300
Swap	openSwapPageFromHome	105	31	150	43	132	150
	fetchAndDisplaySwapQuotes	2696	2684	2712	12	2710	2712
	total	2801	2743	2860	40	2816	2860

🌐 Dapp Page Load Benchmarks

Current Commit: bdbfb72 | Date: 3/18/2026

📄 Localhost MetaMask Test Dapp

Samples: 100

Summary

• pageLoadTime-> current mean value: 1.05s (±53ms) 🟡 | historical mean value: 1.02s ⬆️ (historical data)
• domContentLoaded-> current mean value: 740ms (±61ms) 🟢 | historical mean value: 722ms ⬆️ (historical data)
• firstContentfulPaint-> current mean value: 93ms (±128ms) 🟢 | historical mean value: 88ms ⬆️ (historical data)

📈 Detailed Results

Metric	Mean	Std Dev	Min	Max	P95	P99
pageLoadTime	1.05s	53ms	1.02s	1.50s	1.09s	1.50s
domContentLoaded	740ms	61ms	714ms	1.29s	777ms	1.29s
firstPaint	93ms	128ms	68ms	1.36s	92ms	1.36s
firstContentfulPaint	93ms	128ms	68ms	1.36s	92ms	1.36s
largestContentfulPaint	0ms	0ms	0ms	0ms	0ms	0ms

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 58 Bytes (0%)
• ui: 8 Bytes (0%)
• common: 1.18 KiB (0.01%)

[metamaskbotv2]

✨ Files requiring CODEOWNER review ✨

🔒 @MetaMask/extension-security-team (1 files, +7 -0)

• 📁 .github/
  • 📄 CODEOWNERS +7 -0

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

There are 3 total unresolved issues (including 2 from previous reviews).

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[sonarqubecloud]

Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[metamaskbotv2]

Builds ready [3bea1d7]

• builds: chrome, firefox
• builds (beta): chrome, firefox
• builds (flask): chrome, firefox
• builds (test): chrome, firefox
• builds (test-flask): chrome, firefox
• webpack builds: chrome, firefox
• webpack builds (beta): chrome, firefox
• webpack builds (flask): chrome, firefox
• webpack builds (test): chrome, firefox
• webpack builds (test-flask): chrome, firefox
• bundle size: Bundle Size Stats
• interaction-benchmark: Interaction Stats
• storybook: Storybook
• typescript migration: Dashboard
• all artifacts
• bundle viz:

  • background: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
  • common: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
  • ui: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
  • content-script: 0
  • offscreen: 0

⚡ Performance Benchmarks

👆 Interaction Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Load New Account	load_new_account	291	264	319	18	300	319
	total	291	264	319	18	300	319
Confirm Tx	confirm_tx	6069	6001	6179	63	6088	6179
	total	6069	6001	6179	63	6088	6179
Bridge User Actions	bridge_load_page	264	213	328	39	280	328
	bridge_load_asset_picker	203	189	213	9	208	213
	bridge_search_token	720	697	746	16	727	746
	total	1179	1113	1254	57	1239	1254

🔌 Startup Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Standard Home	uiStartup	1491	1259	1786	102	1535	1680
	load	1235	1019	1481	88	1279	1385
	domContentLoaded	1228	1014	1452	86	1274	1366
	domInteractive	30	18	114	21	27	88
	firstPaint	154	72	1243	134	201	297
	backgroundConnect	223	203	321	16	229	247
	firstReactRender	20	12	110	10	20	30
	initialActions	1	0	8	1	1	4
	loadScripts	1021	817	1243	85	1071	1165
	setupStore	14	7	68	8	17	26
	numNetworkReqs	39	31	84	15	40	77
Power User Home	uiStartup	5410	2174	13330	2124	6574	8585
	load	1333	1155	1693	124	1360	1618
	domContentLoaded	1313	1140	1678	119	1334	1595
	domInteractive	41	20	327	42	34	108
	firstPaint	253	90	1630	229	303	410
	backgroundConnect	2085	308	10081	1869	3242	5226
	firstReactRender	25	17	54	5	27	32
	initialActions	1	0	5	1	1	3
	loadScripts	1083	924	1435	112	1116	1356
	setupStore	16	7	46	7	19	35
	numNetworkReqs	224	94	342	58	262	331

🧭 User Journey Benchmarks

Benchmark	Metric	Mean (ms)	Min (ms)	Max (ms)	Std Dev (ms)	P75 (ms)	P95 (ms)
Onboarding Import Wallet	importWalletToSocialScreen	220	218	222	2	220	222
	srpButtonToSrpForm	96	93	97	1	97	97
	confirmSrpToPwForm	22	22	22	0	22	22
	pwFormToMetricsScreen	16	16	16	0	16	16
	metricsToWalletReadyScreen	16	15	17	1	16	17
	doneButtonToHomeScreen	651	599	674	29	673	674
	openAccountMenuToAccountListLoaded	2918	2900	2938	14	2930	2938
	total	3943	3909	3966	20	3959	3966
Onboarding New Wallet	createWalletToSocialScreen	219	217	220	1	219	220
	srpButtonToPwForm	109	108	110	1	109	110
	createPwToRecoveryScreen	8	8	8	0	8	8
	skipBackupToMetricsScreen	38	38	39	0	39	39
	agreeButtonToOnboardingSuccess	16	16	16	0	16	16
	doneButtonToAssetList	579	491	722	93	600	722
	total	921	715	1132	137	992	1132
Asset Details	assetClickToPriceChart	68	53	89	15	84	89
	total	68	53	89	15	84	89
Solana Asset Details	assetClickToPriceChart	105	37	170	47	129	170
	total	105	37	170	47	129	170
Import Srp Home	loginToHomeScreen	2465	2217	2822	228	2638	2822
	openAccountMenuAfterLogin	55	38	82	15	61	82
	homeAfterImportWithNewWallet	2233	2197	2282	36	2282	2282
	total	4853	4463	5348	348	5001	5348
Send Transactions	openSendPageFromHome	32	26	42	6	33	42
	selectTokenToSendFormLoaded	31	30	31	0	31	31
	reviewTransactionToConfirmationPage	996	760	1181	148	1076	1181
	total	1068	820	1238	144	1137	1238
Swap	openSwapPageFromHome	86	63	113	18	84	113
	fetchAndDisplaySwapQuotes	2684	2683	2685	1	2685	2685
	total	2765	2759	2768	4	2768	2768

Dapp page load benchmarks: data not available.

Bundle size diffs [🚨 Warning! Bundle size has increased!]

• background: 58 Bytes (0%)
• ui: -6 Bytes (0%)
• common: 1.17 KiB (0.01%)

[jeffsmale90]

This is definitely only a nit: should we lean into the public naming /advanced-permissions/ ?

[mj-kiwi]

Due to our decision to use a different approach to display existing permissions MetaMask/snap-7715-permissions#288, we are going to close this PR.